Skip to main content
CVE-2019-13984 HIGH POC This Week

Directus 7 API before 2.3.0 does not validate uploaded files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Directus 7 Api
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-13980 HIGH POC This Week

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Nginx Apache RCE +1
NVD GitHub
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-13979 HIGH POC This Week

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Directus 7 Api
NVD GitHub
CVSS 3.0
8.8
EPSS
2.6%
CVE-2019-13978 HIGH POC This Week

Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ovidentia
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-13969 HIGH POC This Week

Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Metinfo
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-1579 HIGH POC KEV THREAT This Week

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Paloalto RCE Pan Os
NVD
CVSS 3.1
8.1
EPSS
39.3%
CVE-2019-7590 HIGH POC PATCH This Week

ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Exacqvision Server
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-13989 HIGH POC This Week

dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Dpic
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1010239 HIGH POC PATCH This Week

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Cjson Timesten In Memory Database
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-1010142 HIGH POC PATCH This Week

scapy 2.4.0 is affected by: Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Scapy Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-1010136 HIGH POC This Week

ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gpn2 4P21 C Cn Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
1.7%
CVE-2019-11552 HIGH POC This Week

Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Code Injection RCE Code42 For Enterprise Crashplan For Small Business
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2019-11990 HIGH This Week

Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Universal Internet Of Things
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-11553 HIGH This Week

In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Code42
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-13974 HIGH PATCH This Week

LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP CSRF Layerbb
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-1010100 HIGH This Week

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Rufus
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-9228 HIGH This Week

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A at least to 7.20A.252.062. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Median 500L Msbr Firmware Median 500 Msbr Firmware Median M800B Msbr Firmware Median 800C Msbr Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-12946 HIGH This Week

Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Elcom Cms
NVD
CVSS 3.0
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy